Class AddAudienceRestrictionToAssertions

  • All Implemented Interfaces:
    net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, org.opensaml.profile.action.ProfileAction

    public class AddAudienceRestrictionToAssertions
    extends org.opensaml.profile.action.AbstractConditionalProfileAction
    Action that adds an audience restriction condition to every assertion contained in a SAML 1/2 response, with the audiences obtained from a lookup function. If the containing Conditions is not present, it will be created.
    Event:
    EventIds.PROCEED_EVENT_ID, EventIds.INVALID_MSG_CTX
    • Method Summary

      Modifier and Type Method Description
      private void addAudienceRestriction(org.opensaml.profile.context.ProfileRequestContext profileRequestContext, org.opensaml.saml.saml1.core.Conditions conditions)
      Add the audiences obtained from a lookup function to the AudienceRestrictionCondition.
      private void addAudienceRestriction(org.opensaml.profile.context.ProfileRequestContext profileRequestContext, org.opensaml.saml.saml2.core.Conditions conditions)
      Add the audiences obtained from a lookup function to the AudienceRestriction.
      protected void doExecute(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)
      protected void doInitialize()
      protected boolean doPreExecute(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)
      private org.opensaml.saml.saml2.core.AudienceRestriction getAudienceRestriction(org.opensaml.saml.saml2.core.Conditions conditions)
      Get the AudienceRestriction to which audiences will be added.
      private org.opensaml.saml.saml1.core.AudienceRestrictionCondition getAudienceRestrictionCondition(org.opensaml.saml.saml1.core.Conditions conditions)
      Get the AudienceRestrictionCondition to which audiences will be added.
      void setAddingAudiencesToExistingRestriction(boolean addingToExistingRestriction)
      Set whether, if an assertion already contains an audience restriction, this action will add its audiences to that restriction or create another one.
      void setAudienceRestrictionsLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext, Collection<String>> strategy)
      Set the strategy used to obtain the audience restrictions to apply.
      void setResponseLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext, org.opensaml.saml.common.SAMLObject> strategy)
      Set the strategy used to locate the Response to operate on.
      • Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

        getActivationCondition, setActivationCondition
      • Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

        doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse
      • Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

        destroy, doDestroy, initialize, isDestroyed, isInitialized
      • Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

        initialize, isInitialized
    • Field Detail

      • log

        @Nonnull
        private final org.slf4j.Logger log
        Class logger.
      • addingAudiencesToExistingRestriction

        private boolean addingAudiencesToExistingRestriction
        Whether, if an assertion already contains an audience restriction, this action will add its audiences to that restriction or create another one.
      • responseLookupStrategy

        @Nonnull
        private Function<org.opensaml.profile.context.ProfileRequestContext, org.opensaml.saml.common.SAMLObject> responseLookupStrategy
        Strategy used to locate the Response to operate on.
      • audienceRestrictionsLookupStrategy

        @Nullable
        private Function<org.opensaml.profile.context.ProfileRequestContext, Collection<String>> audienceRestrictionsLookupStrategy
        Strategy used to obtain the audiences to add.
      • response

        @Nullable
        private org.opensaml.saml.common.SAMLObject response
        Response to modify.
    • Constructor Detail

      • AddAudienceRestrictionToAssertions

        public AddAudienceRestrictionToAssertions()
        Constructor.
    • Method Detail

      • setResponseLookupStrategy

        public void setResponseLookupStrategy(@Nonnull Function<org.opensaml.profile.context.ProfileRequestContext, org.opensaml.saml.common.SAMLObject> strategy)
        Set the strategy used to locate the Response to operate on.
        Parameters:
        strategy - lookup strategy
      • setAddingAudiencesToExistingRestriction

        public void setAddingAudiencesToExistingRestriction(boolean addingToExistingRestriction)
        Set whether, if an assertion already contains an audience restriction, this action will add its audiences to that restriction or create another one.
        Parameters:
        addingToExistingRestriction - whether this action will add its audiences to an existing restriction or create another one
      • setAudienceRestrictionsLookupStrategy

        public void setAudienceRestrictionsLookupStrategy(@Nonnull Function<org.opensaml.profile.context.ProfileRequestContext, Collection<String>> strategy)
        Set the strategy used to obtain the audience restrictions to apply.
        Parameters:
        strategy - lookup strategy
      • doInitialize

        protected void doInitialize() throws net.shibboleth.utilities.java.support.component.ComponentInitializationException
        Overrides:
        doInitialize in class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
        Throws:
        net.shibboleth.utilities.java.support.component.ComponentInitializationException
      • doPreExecute

        protected boolean doPreExecute(@Nonnull org.opensaml.profile.context.ProfileRequestContext profileRequestContext)
        Overrides:
        doPreExecute in class org.opensaml.profile.action.AbstractConditionalProfileAction
      • doExecute

        protected void doExecute(@Nonnull org.opensaml.profile.context.ProfileRequestContext profileRequestContext)
        Overrides:
        doExecute in class org.opensaml.profile.action.AbstractProfileAction
      • addAudienceRestriction

        private void addAudienceRestriction(@Nonnull org.opensaml.profile.context.ProfileRequestContext profileRequestContext, @Nonnull org.opensaml.saml.saml1.core.Conditions conditions)
        Add the audiences obtained from a lookup function to the AudienceRestrictionCondition. If no AudienceRestrictionCondition exists on the given Conditions one is created and added.
        Parameters:
        profileRequestContext - current profile request context
        conditions - the Conditions that has, or will receive the newly created, AudienceRestrictionCondition
      • addAudienceRestriction

        private void addAudienceRestriction(@Nonnull org.opensaml.profile.context.ProfileRequestContext profileRequestContext, @Nonnull org.opensaml.saml.saml2.core.Conditions conditions)
        Add the audiences obtained from a lookup function to the AudienceRestriction. If no AudienceRestriction exists on the given Conditions one is created and added.
        Parameters:
        profileRequestContext - current profile request context
        conditions - the Conditions that has, or will receive the newly created, AudienceRestriction
      • getAudienceRestrictionCondition

        @Nonnull
        private org.opensaml.saml.saml1.core.AudienceRestrictionCondition getAudienceRestrictionCondition(@Nonnull org.opensaml.saml.saml1.core.Conditions conditions)
        Get the AudienceRestrictionCondition to which audiences will be added.
        Parameters:
        conditions - existing set of conditions
        Returns:
        the condition to which audiences will be added
      • getAudienceRestriction

        @Nonnull
        private org.opensaml.saml.saml2.core.AudienceRestriction getAudienceRestriction(@Nonnull org.opensaml.saml.saml2.core.Conditions conditions)
        Get the AudienceRestriction to which audiences will be added.
        Parameters:
        conditions - existing set of conditions
        Returns:
        the condition to which audiences will be added
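
How the two settings of setAddingAudiencesToExistingRestriction differ for a relying party, as an added example that is not OpenSAML's code: a plain-JDK model in which an assertion is acceptable only if every audience restriction names the relying party, while one matching audience inside a restriction is enough. The class, method names and entityIDs are hypothetical, and merging into the first existing restriction is an assumption of the model.

```java
import java.util.*;

// Added illustration: a plain-JDK model of SAML audience conditions, not OpenSAML code.
// Each inner set stands for one audience restriction; all names here are hypothetical.
public class AudienceRestrictionModes {

    // Model of the action: merge the looked-up audiences into an existing restriction
    // (assumed here to be the first one), or append them as a separate restriction.
    static List<Set<String>> apply(List<Set<String>> existing, Collection<String> audiences,
                                   boolean addToExisting) {
        List<Set<String>> result = new ArrayList<>();
        for (Set<String> restriction : existing) {
            result.add(new LinkedHashSet<>(restriction)); // copy so the input is not mutated
        }
        if (addToExisting && !result.isEmpty()) {
            result.get(0).addAll(audiences);
        } else {
            result.add(new LinkedHashSet<>(audiences));
        }
        return result;
    }

    // Relying-party check: every restriction must name the RP (AND across restrictions);
    // any single audience inside a restriction is sufficient (OR within a restriction).
    static boolean accepts(String rpEntityId, List<Set<String>> restrictions) {
        for (Set<String> restriction : restrictions) {
            if (!restriction.contains(rpEntityId)) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample values.
        String spA = "https://sp-a.example.org/shibboleth";
        String spB = "https://sp-b.example.org/shibboleth";
        List<Set<String>> existing = List.of(Set.of(spA)); // restriction already on the assertion
        List<String> lookedUp = List.of(spB);              // result of the lookup strategy

        for (boolean mode : new boolean[] {true, false}) {
            List<Set<String>> out = apply(existing, lookedUp, mode);
            System.out.println("addingAudiencesToExistingRestriction=" + mode + " -> " + out);
            for (String rp : List.of(spA, spB)) {
                System.out.println("  " + rp + " accepts: " + accepts(rp, out));
            }
        }
    }
}
```

With these constructed values, merging produces one restriction that both relying parties satisfy, while creating a second, disjoint restriction leaves an assertion that neither can accept. Creating another restriction therefore narrows the audience to the intersection of the restrictions rather than widening it.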